
We are doing an MDAST scan with Burp Suite for our Angular application. We got errors for Host Header Injection and Cross-Origin Resource Sharing. For accessing local images from dist, an HTTP request is triggered by Angular.

The request to http://x.x.x.x:9021/ksi.svg has Host and Referer headers; it doesn't include an Origin header (this image is loaded from a CSS content: url() property). The request to http://x.x.x.x:9021/assets/images/pka.svg has only a Host header; it includes neither an Origin nor a Referer header (this image is loaded from <img src=''>).

Why is there this difference in headers?

Note:

  • Both image locations point to the /assets/images/ folder only.
  • Angular version is 13.

asked Feb 4 at 11:25 by Sankareswari M; edited Feb 5 at 21:03 by CcmU

1 Answer


Your image doesn't set any Referer header, most likely because its referrerpolicy attribute is set to no-referrer or same-origin, or it is left at the default strict-origin-when-cross-origin. In the referrerPolicy docs you can find what the accepted values for it are and what each one does.

To answer your title question, i.e. "how to prevent Host Header Injection", you can do several things, among which:

  1. not using host header at all in server-side code
  2. whitelist only trusted domains
  3. check what your code does when used with other headers (especially security headers like the X- ones)
  4. as for almost every web-security-related question: validate, validate, validate. Every input should be validated, especially if it should be secure

There is a really good post by PortSwigger that explains this attack and its countermeasures.
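As an added illustration of points 1 and 2 above (this is not code from the answer or from the asker's project), here is a Node.js allowlist check for the Host header. It also applies the same check to X-Forwarded-Host, since a reverse proxy may pass that through, and the hostnames in the allowlist are constructed placeholders:

```javascript
// Added example: allowlist validation of the Host header (and the
// X-Forwarded-Host header a reverse proxy may forward), independent of
// the answer above. The hostnames below are constructed placeholders.
const ALLOWED_HOSTS = new Set(['app.example.test', 'localhost']);

// Normalise a raw Host header value to a lowercase hostname without port.
// Returns null for anything that is not a syntactically plausible host.
function parseHost(raw) {
  if (typeof raw !== 'string' || raw.length === 0 || raw.length > 253) return null;
  let host = raw.trim().toLowerCase();
  // Split off an optional port: "app.example.test:9021" -> "app.example.test",
  // "[::1]:4200" -> "[::1]". Anything with extra colons is rejected.
  const m = /^(\[[0-9a-f:.]+\]|[^:]+)(?::(\d{1,5}))?$/.exec(host);
  if (!m) return null;
  host = m[1].replace(/\.$/, ''); // tolerate a trailing dot (FQDN form)
  // A hostname is labels of letters, digits and '-' joined by '.', or a
  // bracketed IPv6 literal; '@', '/', spaces etc. all fail this test.
  if (!/^(\[[0-9a-f:.]+\]|[a-z0-9-]+(\.[a-z0-9-]+)*)$/.test(host)) return null;
  return host;
}

// True only if the header names a host this server actually serves.
function isAllowedHost(raw, allowed = ALLOWED_HOSTS) {
  const host = parseHost(raw);
  return host !== null && allowed.has(host);
}

// Express-style middleware: reject the request before any later code can
// build absolute URLs (reset links, redirects, CORS echoes) from Host.
function hostAllowlist(req, res, next) {
  const candidates = [req.headers['host'], req.headers['x-forwarded-host']]
    .filter((h) => h !== undefined);
  if (candidates.length === 0 || !candidates.every((h) => isAllowedHost(h))) {
    res.statusCode = 400;
    return res.end('Bad Request: unexpected Host header');
  }
  next();
}
```

Mount `hostAllowlist` before every other route so that no handler ever sees a request whose Host (or forwarded Host) is outside the allowlist.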

Tags: security | How do fix Host header injection in angular application | Stack Overflow